China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware
Researchers at Slovak cybersecurity company ESET have attributed a series of cyber attacks to a previously undocumented China-aligned threat cluster, dubbed LongNosedGoblin.
The attacks, which targeted governmental entities in Southeast Asia and Japan, aimed at cyber espionage, with the threat activity cluster active since at least September 2023.
Moreover, LongNosedGoblin uses Group Policy to deploy malware across the compromised network, and cloud services as command and control (C&C) servers.
Malware Deployment and Tactics
The attacks are characterized by the use of a varied custom toolset that mainly consists of C#/.NET applications, including NosyHistorian, NosyDoor, NosyStealer, NosyDownloader, NosyLogger, and others.
The exact initial access methods used in the attacks are presently unknown. Further analysis determined that while many victims were affected by NosyHistorian between January and March 2024, only a subset of these victims were infected with NosyDoor, indicating a more targeted approach.
The cybersecurity company also noted that the threat actor’s tradecraft shares tenuous overlaps with clusters tracked as ToddyCat and Erudite Mogwai, but emphasized the lack of definitive evidence linking them together.
Malware Variants and Command and Control Servers